In a networked environment it is frequently desirable to secure communication between two endpoints. Typically the communication is secured by applying security protocols to the packets being exchanged at each of the endpoints. The security protocols are used to authenticate and authorize the individual endpoints, typically using encryption, tunneling or another method of making the packet indiscernible to any other individual who eavesdrops on the link.
Although the security protocols are largely effective, they cannot prevent eavesdropping on the link. Thus rogue devices may still collect packets that are exchanged between the endpoints and store them while attempting to identify the security policies and keys that are used for the communication. There are three basic types of eavesdropping. A rogue individual may simply cut the fiber and impersonate the receiver. In this manner, the sender often cannot detect that it is not communicating with the desired end-point device. Alternatively, the individual may simply tap the fiber and listen to the data exchanged between the end-points. Such taps are generally undetectable by either end-point, as communication is not disrupted. The third type of eavesdropping is a so-called ‘man-in-the-middle’ attack. In the man-in-the-middle attack, the individual makes a connection between the sender and the receiver. The man-in-the-middle impersonates the receiver, collecting data transmitted from the sender, storing the data, and forwarding it to the receiver. The man-in-the-middle also impersonates the sender for receiver-initiated communication. Thus it collects data that is forwarded from the receiver back to the sender. Often the sender and receiver are unaware of the man-in-the-middle, as packets still reach the end-points, albeit with some delay. Thus, although security protocols can be used to encrypt packets and make decoding of the packets by eavesdropping devices more difficult, they cannot prevent the packets from landing in the hands of undesired recipients. Such security can only be obtained by securing the physical link, or fiber, between the devices to identify interruptions in the fiber.
One method of detecting intruders on the fiber involves forwarding a single photon down the fiber from a sender to a receiver. If there is a rogue connection on the fiber, the photon will be absorbed at the rogue device and will not make it to the receiver. When the sender attempts to verify the receipt of the photon at the receiver, and the receiver indicates that it has not been received, the pair know that the fiber has been compromised.
Similarly, a second method of detecting an undesired presence on the fiber involves the sender forwarding two photons that are separated in polarization, and forwarding the photons on a polarization-sensitive fiber to the receiver. Any snooping of the photons between the sender and the receiver causes the polarization of the photons to be changed, thus indicating to the sender/receiver pair that the fiber has been compromised. One drawback of such a solution is that it requires the use of polarization-maintaining fiber, which is expensive and thus increases the overall cost of the communication link.
There are several problems with using the single or double photon transmission methods above to secure the fiber. First, due to the inherent nature of lasers, it is often difficult to separate only one or two photons from the lased light source. The second problem arises due to the inherent nature of the fiber: one or two photons can easily be absorbed due to impurities in the fiber, or the photon can escape at some point during transmission. In addition, the solutions are only suitable in environments having relatively short fiber spans, as the inclusion of an amplifier in the path would make the solutions inoperable. Further, because the generation and receipt of a single photon may only be reliably implemented at a relatively low bit rate, users were often limited to the use of key-based mechanisms for securing exchanges. Thus, the reliability, robustness and feasibility of these methods are questionable. It would be desirable to identify a more reliable method of securing a fiber.